Cisco Firepower NGIPS Tuning and Best Practices

Size: px
Start display at page:

Download "Cisco Firepower NGIPS Tuning and Best Practices"

Transcription

1

2 Cisco Firepower NGIPS Tuning and Best Practices John Wise, Security Instructor High Touch Delivery, Cisco Learning Services CTHCRT-2000

3 Cisco Spark How Questions? Use Cisco Spark to communicate with the speaker after the session 1. Find this session in the Cisco Live Mobile App 2. Click Join the Discussion 3. Install Spark or go directly to the space 4. Enter messages/questions in the space Cisco Spark spaces will be available until July 3, cs.co/ciscolivebot#cthcrt Cisco and/or its affiliates. All rights reserved. Cisco Public

4 Agenda Introduction Inspection Order Network Discovery Traffic to Not Inspect and Fast Path Base Intrusion Policies Variables Connection Events

5 Introduction

6 Cisco Learning Services Internet crime costs companies billions of dollars annually Where can you get official training on Firepower technologies? Cisco High Touch Delivery at We offer a 4-day ILT or Virtual course based on Firepower, where we cover everything from the ground up. Developed and delivered by Cisco High Tough Delivery in Advanced Services, we are the official place for all Firepower security training. Understanding how to profile attackers and defend network and data assets is essential Firepower Class offerings: Firepower200: 5-day course covering Firepower Threat Defense SSFIPS: 4-day course covering Firepower NGIPS Cisco Learning Services Security training will help protect your business s reputation, which is one of its most important assets Just ask if you would like additional information! To learn more about the Cisco Learning Services Security courses, visit CTHCRT Cisco and/or its affiliates. All rights reserved. Cisco Public 6

7 Ask Yourself Am I sure I am properly configured? Am I optimally tuned? Could I improve my system performance, security posture, and reduce false positives? Let s look at a few of the most common misunderstandings and misconfigurations save yourself a call to support! We have 30 minutes. Lets begin! CTHCRT Cisco and/or its affiliates. All rights reserved. Cisco Public 7

8 Understand The Order of Inspection

9 Firepower Order of Inspection Memorize This! Traffic Flow Security Intelligence SSL Access Control Further Inspection Malware & File Intrusion Inspect, block, or store files. Detect, block, and alert on files determined to be malware. IPS. Traffic inspection by Snort Rules looking for malicious traffic. Blocks: Blacklisted IPs, DNS, and URLs before inspection by ACP. Traffic blocked here never enters the later policies. Decrypts SSL traffic. Ability to block SSL traffic based on criteria. Decrypted traffic can be seen by the later policies. Firewall Component Inspect up to Layer 7. Make Block, Inspect, or Trust (no further inspection) decisions on traffic. CTHCRT Cisco and/or its affiliates. All rights reserved. Cisco Public 9

10 Define Your Network Discovery

11 Network Discovery Firepower will automatically build Host Profiles Based on your Network Discovery Firepower Management Center Automatically Generated Host Profiles Network Discovery Services Applications Vulnerabilities Protocols Ports Operating Systems Managed Device CTHCRT Cisco and/or its affiliates. All rights reserved. Cisco Public 11

12 Network Discovery Processing Order But this only occurs here Further Inspection Traffic Flow Fast Path Security Intelligence SSL Access Control Network Discovery Malware & File Intrusion Therefore, If traffic does not reach this inspection point no discovery information is captured! CTHCRT Cisco and/or its affiliates. All rights reserved. Cisco Public 12

13 Is Your Network Discovery Defined? so you must go in and define this policy! Define your network here Did you know? Not defining your Network Discovery can cause you to exceed your host limits! CTHCRT Cisco and/or its affiliates. All rights reserved. Cisco Public 13

14 Define Your Network 2 nd, Discover to build host profiles Your internal network what you are protecting 1 st ensure this is enabled. In 6.x this is off by default 3 rd, Exclude to prevent host profiles for certain devices Load Balancers, NAT Devices, anything you are not protecting CTHCRT Cisco and/or its affiliates. All rights reserved. Cisco Public 14

15 Identify Traffic to Not Inspect

16 Should You Inspect all Traffic? Probably Not. Traffic not requiring inspection VOIP Backup Scanner How? You use an ACP rule with the trust action to not inspect traffic Elephant flows can cause performance issues! Backup traffic is a prime example You can usually tell you have an elephant flow when you see just one CPU core spike! CTHCRT Cisco and/or its affiliates. All rights reserved. Cisco Public 16

17 Can You Fast Path Any Traffic?

18 Fast Pathing Traffic is Fast! Fast Pathing traffic is the fastest way to not inspect certain traffic Can also be used to block in certain hardware and configurations Further Inspection Traffic Flow Fast Path Security Intelligence SSL Access Control Network Discovery Malware & File Intrusion This is where fast pathed traffic is processed CTHCRT Cisco and/or its affiliates. All rights reserved. Cisco Public 18

19 Fast Pathing Based On Firepower Platform Cisco ASA with FirePOWER Services You fast path differently in each of these three platforms! FirePOWER 7000/8000 Firepower Threat Defense Image for ASA 5500-X*, Firepower 2100, 4100, 9300, VMware, and Amazon Web Services *Excludes AS5585-X CTHCRT Cisco and/or its affiliates. All rights reserved. Cisco Public 19

20 Fast Pathing With ASA Firepower Services Fast Path on the ASA, not in Firepower FirePOWER Yes Receive Packet Ingress Interface Existing Conn. ACL Match Permit Xlate No Yes Yes Inspections Sec. Checks No Drop No Drop No Drop NAT IP Header Egress Interface L3 Route Yes L2 Address Yes XMIT Packet No No Drop Drop CTHCRT Cisco and/or its affiliates. All rights reserved. Cisco Public 20

21 Fast Pathing With Firepower 8000 Series 8000 Series devices can use Fast Path Rules defined in Devices tab Fast path rules are slowly going away however use promoted rules instead CTHCRT Cisco and/or its affiliates. All rights reserved. Cisco Public 21

22 Fast Pathing With Firepower 7000/8000 Series 7000/8000 use Promoted ACP Rules to fast path traffic Create ACP rules that: 1. Are Trust, Block, or Block with Reset 2. Have only: VLAN IP Security Zone Port 3. Be placed above all other ACP Rules If the ACP rule meets all these conditions, the rule will be promoted CTHCRT Cisco and/or its affiliates. All rights reserved. Cisco Public 22

23 Rule Promotion Example These two rules will automatically be promoted to fast path Notice both are using Port and IP for identifying the traffic, and are placed above all other rules! You wont see this occur in the GUI! This is an automatic system process CTHCRT Cisco and/or its affiliates. All rights reserved. Cisco Public 23

24 Promoted ACP Rule Processing 7000/8000 The promoted rules are written in ACP Further Inspection Traffic Flow Fast Path Security Intelligence SSL Access Control Network Discovery Malware & File Intrusion When applied to your Sensor they get automatically pushed to here CTHCRT Cisco and/or its affiliates. All rights reserved. Cisco Public 24

25 Fast Pathing With Firepower Threat Defense FTD Code has a new policy called Prefilter Prefilter uses limited outer-header criteria to quickly process traffic Fast Pathing occurs here Further Inspection Further Inspection Traffic Flow Prefilter Security Intelligence SSL Access Control Access Control Network Discovery Malware & File Intrusion CTHCRT Cisco and/or its affiliates. All rights reserved. Cisco Public 25

26 Base Intrusion Policies

27 Use One of These 3 Base Intrusion Policies Cisco Talos provides and updates Base Polices for you Choose the security approach you wish to have Talos provides updates at least twice a week, and respond to ever-changing security threats in real time Base Policies Connectivity over Security Balanced Security and Connectivity Security over Connectivity Increasing Protection Level CTHCRT Cisco and/or its affiliates. All rights reserved. Cisco Public 27

28 Are You Using One of These Base Policies? Maximum Detection Not for use in deployment Do Not Use unless directed to do so! No Rules Active Often used if planning to use Firepower Recommendations to turn rules on based on your environment Tip! If you plan to use Firepower Recommendations to adjust SNORT rule states, it is best to start with Security Over Conn and use the recommendations to adjust these in a layer Note: Talos rule updates do not automatically affect no rules active, and you will no longer have the advantage of Talos input for the rule states CTHCRT Cisco and/or its affiliates. All rights reserved. Cisco Public 28

29 Define Your HOME_NET Variable

30 Did You Define HOME_NET? HOME_NET is used in the majority of your SNORT rules Defining HOME_NET will significantly tune your system and reduce false positives This is one of the most important settings to configure! Look! This is defined as any you need to go in and define this with your internal and protected networks CTHCRT Cisco and/or its affiliates. All rights reserved. Cisco Public 30

31 EXTERNAL_NET

32 Did You Define EXTERNAL_NET? EXTERNAL_NET defines what is outside your network This is any by default You have two options: Define as not HOME_NET (!HOME_NET) Or Leave as any CTHCRT Cisco and/or its affiliates. All rights reserved. Cisco Public 32

33 Defining EXTERNAL_NET as!home_net is Popular, But Not Always Appropriate If you define EXTERNAL_NET as!home_net you will miss some internally-based attacks, but will notice a significant performance gain Be careful If you defined EXTERNAL_NET as!home_net and associated it to traffic originating from inside your network CTHCRT Cisco and/or its affiliates. All rights reserved. Cisco Public 33

34 Remember, Variables Are Assigned to Intrusion Policies in ACP Rules And therefore you can have multiple definitions! You choose the variable set here! CTHCRT Cisco and/or its affiliates. All rights reserved. Cisco Public 34

35 So Consider Using Multiple EXTERNAL_NET Definitions Create a definition of EXTERNAL_NET as!home_net for traffic from outside your network to the inside of your network Leave EXTERNAL_NET as any for traffic that is Internal to Internal You can do this with Security Zones in your ACP rules! Traffic Flow ACP Rule 1 ACP Rule 2 EXTERNAL_NET set to any EXTERNAL_NET set to!home_net Access Control Sec over Conn Balanced ACP Rule 3 EXTERNAL_NET set to any CTHCRT Cisco and/or its affiliates. All rights reserved. Cisco Public 35

36 Tune Your Connection Events

37 Remember The Logging Flow Connection Events sent to Firepower Management Center Did you know Event Viewer refers to your Firepower Management Center? Traffic Flow Note: If connection logging is not enabled, no connection events are sent to the Firepower Management Center! CTHCRT Cisco and/or its affiliates. All rights reserved. Cisco Public 37

38 But Should You Log All Connection Events? Probably Not. If you are logging all traffic, you will likely have poor retention times and could overwork your FMC So, create ACP rules to identify traffic you do not wish to log on! The best way to do this create a DNS query ACP rule that does not log connection events! CTHCRT Cisco and/or its affiliates. All rights reserved. Cisco Public 38

39 Final Considerations!

40 Are You Aware? Security Intelligence Whitelists are only for overriding a Blacklist entry Whitelisted traffic is NOT trusted This traffic will continue through inspection! Did you know? In order to take advantage of DNS Security Intelligence (New in 6.x) you must first create a DNS and associate that policy to your ACP CTHCRT Cisco and/or its affiliates. All rights reserved. Cisco Public 40

41 And Lastly Turn it on here Use Adaptive Profiles This will reassemble IP fragments and Streams based on the OS seen in the Host Profile Do not modify or change your Network Analysis unless under guidance Leave this alone unless under expert guidance! CTHCRT Cisco and/or its affiliates. All rights reserved. Cisco Public 41

42 Complete Your Online Session Evaluation Give us your feedback to be entered into a Daily Survey Drawing. A daily winner will receive a $750 gift card. Complete your session surveys through the Cisco Live mobile app or on Don t forget: Cisco Live sessions will be available for viewing on demand after the event at Cisco and/or its affiliates. All rights reserved. Cisco Public

43 Continue Your Education Demos in the Cisco campus Walk-in Self-Paced Labs Lunch & Learn Meet the Engineer 1:1 meetings Related sessions CTHCRT Cisco and/or its affiliates. All rights reserved. Cisco Public 43

44 Thank you

45

Monitoring the Device

Monitoring the Device The system includes dashboards and an Event Viewer that you can use to monitor the device and traffic that is passing through the device. Enable Logging to Obtain Traffic Statistics, page 1 Monitoring

More information

Cisco ASA with FirePOWER services Eric Kostlan, Technical Marketing Engineer Security Technologies Group, Cisco Systems LABSEC-2339

Cisco ASA with FirePOWER services Eric Kostlan, Technical Marketing Engineer Security Technologies Group, Cisco Systems LABSEC-2339 Cisco ASA with FirePOWER services Eric Kostlan, Technical Marketing Engineer Security Technologies Group, Cisco Systems LABSEC-2339 Agenda Introduction to Lab Exercises Platforms and Solutions ASA with

More information

Sourcefire Network Security Analytics: Finding the Needle in the Haystack

Sourcefire Network Security Analytics: Finding the Needle in the Haystack Sourcefire Network Security Analytics: Finding the Needle in the Haystack Mark Pretty Consulting Systems Engineer #clmel Agenda Introduction The Sourcefire Solution Real-time Analytics On-Demand Analytics

More information

Access Control Using Intrusion and File Policies

Access Control Using Intrusion and File Policies The following topics describe how to configure access control policies to use intrusion and file policies: Intrusions and Malware Inspection Overview, page 1 Access Control Traffic Handling, page 2 File

More information

Getting Started with Access Control Policies

Getting Started with Access Control Policies Getting Started with Control Policies The following topics describe how to start using access control policies: Introduction to Control, page 1 Managing Control Policies, page 6 Creating a Basic Control

More information

Connection Logging. Introduction to Connection Logging

Connection Logging. Introduction to Connection Logging The following topics describe how to configure the Firepower System to log connections made by hosts on your monitored network: Introduction to, page 1 Strategies, page 2 Logging Decryptable Connections

More information

Threat Centric Network Security

Threat Centric Network Security BRKSEC-2056 Threat Centric Network Security Ted Bedwell, Principal Engineer Network Threat Defence Cisco Spark How Questions? Use Cisco Spark to communicate with the speaker after the session 1. Find this

More information

NXOS in the Real World Using NX-API REST

NXOS in the Real World Using NX-API REST NXOS in the Real World Using NX-API REST Adrian Iliesiu Corporate Development Engineer Cisco Spark How Questions? Use Cisco Spark to communicate with the speaker after the session 1. Find this session

More information

Cisco Tetration Analytics

Cisco Tetration Analytics Cisco Tetration Analytics Real-time application visibility and policy management using advanced analytics Yogesh Kaushik, Sr. Director Product Management PSOACI-2100 Agenda Market context Introduction:

More information

Connection Logging. About Connection Logging

Connection Logging. About Connection Logging The following topics describe how to configure the Firepower System to log connections made by hosts on your monitored network: About, page 1 Strategies, page 2 Logging Decryptable Connections with SSL

More information

The following topics describe how to manage various policies on the Firepower Management Center:

The following topics describe how to manage various policies on the Firepower Management Center: The following topics describe how to manage various policies on the Firepower Management Center: Policy Deployment, page 1 Policy Comparison, page 11 Policy Reports, page 12 Out-of-Date Policies, page

More information

Introduction to Cisco ASA to Firepower Threat Defense Migration

Introduction to Cisco ASA to Firepower Threat Defense Migration Introduction to Cisco ASA to Firepower Threat Defense Migration This guide describes how to use Cisco s migration tool to migrate firewall policy settings from your Cisco ASA to a Firepower Threat Defense

More information

Cisco Next Generation Firewall Services

Cisco Next Generation Firewall Services Toronto,. CA May 30 th, 2013 Cisco Next Generation Firewall Services Eric Kostlan Cisco Technical Marketing 2011 2012 Cisco and/or its affiliates. All rights reserved. Cisco Connect 1 Objectives At the

More information

Access Control Using Intrusion and File Policies

Access Control Using Intrusion and File Policies The following topics describe how to configure access control policies to use intrusion and file policies: About Deep Inspection, page 1 Access Control Traffic Handling, page 2 File and Intrusion Inspection

More information

* Knowledge of Adaptive Security Appliance (ASA) firewall, Adaptive Security Device Manager (ASDM).

* Knowledge of Adaptive Security Appliance (ASA) firewall, Adaptive Security Device Manager (ASDM). Contents Introduction Prerequisites Requirements Components Used Background Information Configuration Step 1. Configure Intrusion Policy Step 1.1. Create Intrusion Policy Step 1.2. Modify Intrusion Policy

More information

Device Management Basics

Device Management Basics The following topics describe how to manage devices in the Firepower System: The Device Management Page, on page 1 Remote Management Configuration, on page 2 Add Devices to the Firepower Management Center,

More information

Advanced Firepower IPS Deployment

Advanced Firepower IPS Deployment Advanced Firepower IPS Deployment Gary Halleen, Technical Solutions Architect BRKSEC-3300 Webex Teams Questions? Use Webex Teams to chat with the speaker after the session How 1 2 3 4 Find this session

More information

Deploying Intrusion Prevention Systems

Deploying Intrusion Prevention Systems Deploying Intrusion Prevention Systems Gary Halleen Consulting Systems Engineer II Agenda Introductions Introduction to IPS Comparing Cisco IPS Solutions IPS Deployment Considerations Migration from IPS

More information

Clarify Firepower Threat Defense Access Control Policy Rule Actions

Clarify Firepower Threat Defense Access Control Policy Rule Actions Clarify Firepower Threat Defense Access Control Policy Rule Actions Contents Introduction Prerequisites Requirements Components Used Background Information How ACP is Deployed Configure ACP Available Actions

More information

PSOACI Tetration Overview. Mike Herbert

PSOACI Tetration Overview. Mike Herbert Tetration Overview Mike Herbert Cisco Spark How Questions? Use Cisco Spark to communicate with the speaker after the session 1. Find this session in the Cisco Live Mobile App 2. Click Join the Discussion

More information

Intelligent WAN Sumanth Kakaraparthi Principal Product Manager PSOCRS-2010

Intelligent WAN Sumanth Kakaraparthi Principal Product Manager PSOCRS-2010 Intelligent WAN Sumanth Kakaraparthi Principal Product Manager PSOCRS-2010 Agenda Challenges Architectures Cisco IWAN Proof Points Challenges Application landscape is changing Applications Are Moving to

More information

Snort: The World s Most Widely Deployed IPS Technology

Snort: The World s Most Widely Deployed IPS Technology Technology Brief Snort: The World s Most Widely Deployed IPS Technology Overview Martin Roesch, the founder of Sourcefire and chief security architect at Cisco, created Snort in 1998. Snort is an open-source,

More information

Configure FTD Interfaces in Inline-Pair Mode

Configure FTD Interfaces in Inline-Pair Mode Configure FTD Interfaces in Inline-Pair Mode Contents Introduction Prerequisites Requirements Components Used Background Information Configure Inline Pair Interface on FTD Network Diagram Verify Verify

More information

Configuration and Operation of FTD Prefilter

Configuration and Operation of FTD Prefilter Configuration and Operation of FTD Prefilter Policies Contents Introduction Prerequisites Requirements Components Used Background Information Configure Pre-filter Policy Use Case 1 Pre-filter Policy Use

More information

Dissecting Firepower-FTD & Firepower-Services Design & Troubleshooting

Dissecting Firepower-FTD & Firepower-Services Design & Troubleshooting BRKSEC-3455 Dissecting Firepower-FTD & Firepower-Services Design & Troubleshooting Foster Lipkey, Technical Leader Veronika Klauzova, TAC Tech Lead Cisco Spark How Questions? Use Cisco Spark to communicate

More information

Understanding HTTPS to Decrypt it

Understanding HTTPS to Decrypt it Understanding HTTPS to Decrypt it James Everett Cisco Spark How Questions? Use Cisco Spark to communicate with the speaker after the session 1. Find this session in the Cisco Live Mobile App 2. Click Join

More information

Chapter 6: IPS. CCNA Security Workbook

Chapter 6: IPS. CCNA Security Workbook Chapter 6: IPS Technology Brief As the awareness of cyber and network security is increasing day by day, it is very important to understand the core concepts of Intrusion Detection/Defense System (IDS)

More information

Sourcefire Solutions Overview Security for the Real World. SEE everything in your environment. LEARN by applying security intelligence to data

Sourcefire Solutions Overview Security for the Real World. SEE everything in your environment. LEARN by applying security intelligence to data SEE everything in your environment LEARN by applying security intelligence to data ADAPT defenses automatically ACT in real-time Sourcefire Solutions Overview Security for the Real World Change is constant.

More information

AlgoSec: How to Secure and Automate Your Heterogeneous Cisco Environment

AlgoSec: How to Secure and Automate Your Heterogeneous Cisco Environment BRKPAR-2488 AlgoSec: How to Secure and Automate Your Heterogeneous Cisco Environment Edy Almer How to Secure and Automate Your Heterogeneous Cisco Environment Yogesh Kaushik, Senior Director Cisco Doug

More information

Cisco Firepower NGFW. Anticipate, block, and respond to threats

Cisco Firepower NGFW. Anticipate, block, and respond to threats Cisco Firepower NGFW Anticipate, block, and respond to threats Digital Transformation on a Massive Scale 15B Devices Today Attack Surface 500B Devices In 2030 Threat Actors $19T Opportunity Next 10 Years

More information

DNA Automation Services Offerings

DNA Automation Services Offerings DNA Automation Services Offerings Jamie Owen, Solutions Architect, Cisco Advanced Services Cisco Spark How Questions? Use Cisco Spark to communicate with the speaker after the session 1. Find this session

More information

Advanced IPS Deployment

Advanced IPS Deployment Advanced IPS Deployment Gary Halleen, Technical Solutions Architect BRKSEC-3300 About your Speaker Gary Halleen gary@cisco.com Technical Solutions Architect Cisco Global Security Sales Organization Oregon

More information

TRex Realistic Traffic Generator

TRex Realistic Traffic Generator DEVNET-1120 TRex Realistic Traffic Generator Hanoch Haim, Principal Engineer Cisco Spark How Questions? Use Cisco Spark to communicate with the speaker after the session 1. Find this session in the Cisco

More information

Device Management Basics

Device Management Basics The following topics describe how to manage devices in the Firepower System: The Device Management Page, on page 1 Remote Management Configuration, on page 2 Adding Devices to the Firepower Management

More information

DNS Policies. DNS Policy Overview. The following topics explain DNS policies, DNS rules, and how to deploy DNS policies to managed devices.

DNS Policies. DNS Policy Overview. The following topics explain DNS policies, DNS rules, and how to deploy DNS policies to managed devices. The following topics explain DNS policies, DNS rules, and how to deploy DNS policies to managed devices. DNS Policy Overview, page 1 DNS Policy Components, page 2 DNS Rules, page 6 DNS Policy Deploy, page

More information

Cisco Firepower NGFW. Anticipate, block, and respond to threats

Cisco Firepower NGFW. Anticipate, block, and respond to threats Cisco Firepower NGFW Anticipate, block, and respond to threats You have a mandate to build and secure a network that supports ongoing innovation Mobile access Social collaboration Public / private hybrid

More information

Design and Deployment of SourceFire NGIPS and NGFWL

Design and Deployment of SourceFire NGIPS and NGFWL Design and Deployment of SourceFire NGIPS and NGFWL BRKSEC - 2024 Marcel Skjald Consulting Systems Engineer Enterprise / Security Architect Abstract Overview of Session This technical session covers the

More information

Device Management Basics

Device Management Basics The following topics describe how to manage devices in the Firepower System: The Device Management Page, page 1 Remote Management Configuration, page 2 Adding Devices to the Firepower Management Center,

More information

Cisco Security. Advanced Malware Protection. Guillermo González Security Systems Engineer Octubre 2017

Cisco Security. Advanced Malware Protection. Guillermo González Security Systems Engineer Octubre 2017 Cisco Security Advanced Malware Protection Guillermo González Security Systems Engineer Octubre 2017 The New Security Model Attack Continuum Before During After Before Discover During Detect After Scope

More information

Cisco ASA with FirePOWER Services

Cisco ASA with FirePOWER Services Cisco ASA with FirePOWER Services TDM Thomas Jankowsky Consulting Systems Engineer May 2015 Introduction Industry s First Threat-Focused Next-Generation Firewall (NGFW) Proven Cisco ASA firewalling Industry-leading

More information

Cisco Next Generation Firewall and IPS. Dragan Novakovic Security Consulting Systems Engineer

Cisco Next Generation Firewall and IPS. Dragan Novakovic Security Consulting Systems Engineer Cisco Next Generation Firewall and IPS Dragan Novakovic Security Consulting Systems Engineer Cisco ASA with Firepower services Cisco TALOS - Collective Security Intelligence Enabled Clustering & High Availability

More information

Activating Intrusion Prevention Service

Activating Intrusion Prevention Service Activating Intrusion Prevention Service Intrusion Prevention Service Overview Configuring Intrusion Prevention Service Intrusion Prevention Service Overview Intrusion Prevention Service (IPS) delivers

More information

Routing Underlay and NFV Automation with DNA Center

Routing Underlay and NFV Automation with DNA Center BRKRST-1888 Routing Underlay and NFV Automation with DNA Center Prakash Rajamani, Director, Product Management Cisco Spark How Questions? Use Cisco Spark to communicate with the speaker after the session

More information

Configuring Firepower Threat Defense interfaces in Routed mode

Configuring Firepower Threat Defense interfaces in Routed mode Configuring Firepower Threat Defense interfaces in Routed mode Contents Introduction Prerequisites Requirements Components Used Background Information Configure Network Diagram Configure a Routed Interface

More information

Licensing the Firepower System

Licensing the Firepower System The following topics explain how to license the Firepower System. About Firepower Feature Licenses, page 1 Service Subscriptions for Firepower Features, page 1 Classic Licensing for the Firepower System,

More information

Prefiltering and Prefilter Policies

Prefiltering and Prefilter Policies The following topics describe how to configure prefiltering: Introduction to Prefiltering, on page 1 Prefiltering vs Access Control, on page 2 About Prefilter Policies, on page 4 Configuring Prefiltering,

More information

Tetration Hands-on Lab from Deployment to Operations Support

Tetration Hands-on Lab from Deployment to Operations Support LTRACI-2184 Tetration Hands-on Lab from Deployment to Operations Support Furong Gisiger, Solutions Architect Lawrence Zhu, Sr. Solutions Architect Cisco Spark How Questions? Use Cisco Spark to communicate

More information

Dissecting Firepower-FTD & Firepower-Services Design & Troubleshooting

Dissecting Firepower-FTD & Firepower-Services Design & Troubleshooting Dissecting Firepower-FTD & Firepower-Services Design & Troubleshooting Veronika Klauzova BRKSEC-3455 Agenda Introduction Updated FTD Packet Flow Data-Path Improvements Best Practices for Deployments Troubleshooting

More information

Getting Started with Network Analysis Policies

Getting Started with Network Analysis Policies The following topics describe how to get started with network analysis policies: Network Analysis Policy Basics, page 1 Managing Network Analysis Policies, page 2 Network Analysis Policy Basics Network

More information

Cloud-Managed Security for Distributed Networks with Cisco Meraki MX

Cloud-Managed Security for Distributed Networks with Cisco Meraki MX Cloud-Managed Security for Distributed Networks with Cisco Meraki MX Joe Aronow, Product Architect Cisco Spark How Questions? Use Cisco Spark to communicate with the speaker after the session 1. Find this

More information

AMP for Endpoints & Threat Grid

AMP for Endpoints & Threat Grid AMP for Endpoints & Threat Grid Response & Prevention Dean De Beer & Eric Hulse BRKSEC-2029 AMP Threat Grid Malware Analysis Engines & Techniques A little background Malware Analysis & Threat Intelligence

More information

Key Security Measures to Enable Next-Generation Data Center Transformation

Key Security Measures to Enable Next-Generation Data Center Transformation Key Security Measures to Enable Next-Generation Data Center Transformation Bill McGee Senior Manager, Security Solutions Cisco Systems, Inc. Agenda Data Center Security Challenges Secure DC Strategies

More information

The following topics describe how to configure correlation policies and rules.

The following topics describe how to configure correlation policies and rules. The following topics describe how to configure correlation policies and rules. Introduction to and Rules, page 1 Configuring, page 2 Configuring Correlation Rules, page 5 Configuring Correlation Response

More information

Host Identity Sources

Host Identity Sources The following topics provide information on host identity sources: Overview: Host Data Collection, on page 1 Determining Which Host Operating Systems the System Can Detect, on page 2 Identifying Host Operating

More information

Configuration Import and Export

Configuration Import and Export The following topics explain how to use the Import/Export feature: About Configuration Import/Export, page 1 Exporting Configurations, page 3 Importing Configurations, page 4 About Configuration Import/Export

More information

Network Discovery Policies

Network Discovery Policies The following topics describe how to create, configure, and manage network discovery policies: Overview:, page 1 Network Discovery Customization, page 2 Network Discovery Rules, page 3 Configuring Advanced

More information

Introduction to Cisco IoT Tools for Developers IoT 101

Introduction to Cisco IoT Tools for Developers IoT 101 Introduction to Cisco IoT Tools for Developers IoT 101 Mike Maas, Technical Evangelist, IoT, DevNet Angela Yu, Technical Leader DEVNET-1068 Agenda The Cisco IoT System Distributing IoT Applications Developer

More information

Access Control. Access Control Overview. Access Control Rules and the Default Action

Access Control. Access Control Overview. Access Control Rules and the Default Action The following topics explain access control rules. These rules control which traffic is allowed to pass through the device, and apply advanced services to the traffic, such as intrusion inspection. Overview,

More information

APIC-EM / EasyQoS - End to End Orchestration of QoS in Enterprise Networks

APIC-EM / EasyQoS - End to End Orchestration of QoS in Enterprise Networks APIC-EM / EasyQoS - End to End Orchestration of QoS in Enterprise Networks Saurav Prasad Technical Marketing Engineer CTHNMS-1002 Cisco Spark How Questions? Use Cisco Spark to chat with the speaker after

More information

McAfee Network Security Platform Administration Course

McAfee Network Security Platform Administration Course McAfee Network Security Platform Administration Course Education Services administration course The McAfee Network Security Platform Administration course from McAfee Education Services is an essential

More information

Agile Security Solutions

Agile Security Solutions Agile Security Solutions Piotr Linke Security Engineer CISSP CISA CRISC CISM Open Source SNORT 2 Consider these guys All were smart. All had security. All were seriously compromised. 3 The Industrialization

More information

How to Predict, Detect & Stop threats at the Edge and Behind the Perimeter even in encrypted traffic without decryption

How to Predict, Detect & Stop threats at the Edge and Behind the Perimeter even in encrypted traffic without decryption How to Predict, Detect & Stop threats at the Edge and Behind the Perimeter even in encrypted traffic without decryption Nikos Mourtzinos, CCIE #9763 Cisco Cyber Security Sales Specialist April 2018 New

More information

n Learn about the Security+ exam n Learn basic terminology and the basic approaches n Implement security configuration parameters on network

n Learn about the Security+ exam n Learn basic terminology and the basic approaches n Implement security configuration parameters on network Always Remember Chapter #1: Network Device Configuration There is no 100 percent secure system, and there is nothing that is foolproof! 2 Outline Learn about the Security+ exam Learn basic terminology

More information

CloudCenter for Developers

CloudCenter for Developers DEVNET-1198 CloudCenter for Developers Conor Murphy, Systems Engineer Data Centre Cisco Spark How Questions? Use Cisco Spark to communicate with the speaker after the session 1. Find this session in the

More information

Resilient WAN and Security for Distributed Networks with Cisco Meraki MX

Resilient WAN and Security for Distributed Networks with Cisco Meraki MX Resilient WAN and Security for Distributed Networks with Cisco Meraki MX Daghan Altas, Director of Product Management BRKSEC-2900 Agenda Problem Cisco CNG Live network creation demo (45m) Product Brief

More information

Features and Functionality

Features and Functionality Features and functionality introduced in previous versions may be superseded by new features and functionality in later versions. New or Changed Functionality in Version 6.2.2.x, page 1 Features Introduced

More information

The Internet of Everything is changing Everything

The Internet of Everything is changing Everything The Internet of Everything is changing Everything Next Generation Security John Tzortzakakis Security Solutions Architect, Security Business Group November 2014 Threat Landscape evolution 60% of data is

More information

Radware: Anatomy of an IoT Botnet and Economics of Defense

Radware: Anatomy of an IoT Botnet and Economics of Defense BRKPAR-4000 Radware: Anatomy of an IoT Botnet and Economics of Defense Eric Grubel Anatomy of an IoT Botnet and Economics of Defense Eric Grubel VP, Business Development January 2018 Theme of Discussion

More information

FirePOWER: Advanced Configuration and Tuning

FirePOWER: Advanced Configuration and Tuning FirePOWER: Advanced Configuration and Tuning Charlie Stokes Security Technical Marketing Engineer Agenda Introduction FirePOWER Appliances and Modules Before: Changes to Policy During: Changing how the

More information

Cisco Cloud Security for Public & Private Cloud Villayat Muhammad : Technical Leader BRKSEC-2016

Cisco Cloud Security for Public & Private Cloud Villayat Muhammad : Technical Leader BRKSEC-2016 Cisco Cloud Security for Public & Private Cloud Villayat Muhammad : Technical Leader BRKSEC-2016 Agenda Security Challenges Design and Integration Compliance Guidance Cloud Data Center Security Challenges

More information

Benefits of SDN Modeling and Analytics tool for complex Service Provider Network

Benefits of SDN Modeling and Analytics tool for complex Service Provider Network Benefits of SDN Modeling and Analytics tool for complex Service Provider Network George Backer, Senior Director, Charter Communications Manish Jani, Senior Architect, Cisco Systems BRKNMS-1010 BRKNMS-1010

More information

Your API Toolbelt Tools and techniques for testing, monitoring, and troubleshooting REST API requests

Your API Toolbelt Tools and techniques for testing, monitoring, and troubleshooting REST API requests DEVNET-1631 Your API Toolbelt Tools and techniques for testing, monitoring, and troubleshooting REST API requests Adam Kalsey, Spark Developer Relations Cisco Spark How Questions? Use Cisco Spark to communicate

More information

BGP in the Enterprise for Fun and (fake) Profit: A Hands-On Lab

BGP in the Enterprise for Fun and (fake) Profit: A Hands-On Lab BGP in the Enterprise for Fun and (fake) Profit: A Hands-On Lab Michael Kowal, Principal Systems Engineer, @ciscomk Dash Thompson, Systems Engineer, @dash_thompson Abel Ramirez, Systems Engineer, @ramirezabel21

More information

Introducing Cisco Network Assurance Engine

Introducing Cisco Network Assurance Engine BRKACI-2403 Introducing Cisco Network Assurance Engine Intent Based Networking for Data Centers Sundar Iyer, Distinguished Engineer Head Cisco Network Assurance Engine Team Dhruv Jain, Director of Product

More information

Hands-On with IoT Standards & Protocols

Hands-On with IoT Standards & Protocols DEVNET-3623 Hands-On with IoT Standards & Protocols Casey Bleeker, Developer Evangelist @geekbleek Cisco Spark How Questions? Use Cisco Spark to communicate with the speaker after the session 1. Find this

More information

Defense-in-Depth Against Malicious Software. Speaker name Title Group Microsoft Corporation

Defense-in-Depth Against Malicious Software. Speaker name Title Group Microsoft Corporation Defense-in-Depth Against Malicious Software Speaker name Title Group Microsoft Corporation Agenda Understanding the Characteristics of Malicious Software Malware Defense-in-Depth Malware Defense for Client

More information

Next generation branch with SD-WAN and NFV

Next generation branch with SD-WAN and NFV Next generation branch with SD-WAN and NFV Kiran Ghodgaonkar, Senior Manager, Enterprise Marketing Mani Ganeson, Senior Product Manager PSOCRS-2004 @ghodgaonkar Cisco Spark How Questions? Use Cisco Spark

More information

A Deep Dive into the Firepower Manager

A Deep Dive into the Firepower Manager A Deep Dive into the Firepower Manager William Young, Security Solutions Architect willyou@cisco.com @WilliamDYoung BRKSEC-2058 Just some Security Guy William Young Security Solutions Architect, Cisco

More information

Pass4sure q. Cisco Securing Cisco Networks with Sourcefire IPS

Pass4sure q. Cisco Securing Cisco Networks with Sourcefire IPS Pass4sure.500-285.42q Number: 500-285 Passing Score: 800 Time Limit: 120 min File Version: 6.1 Cisco 500-285 Securing Cisco Networks with Sourcefire IPS I'm quite happy to announce that I passed 500-285

More information

Demystifying Machine Learning

Demystifying Machine Learning Demystifying Machine Learning Dmitry Figol, WW Enterprise Sales Systems Engineer - Programmability @dmfigol CTHRST-1002 Agenda Machine Learning examples What is Machine Learning Types of Machine Learning

More information

Multicast Troubleshooting

Multicast Troubleshooting Multicast Troubleshooting Denise Fish Fishburne Customer Proof of Concept Team Lead CCIE #2639, CCDE 2009:0014 BRKIPM-2264 Cisco Spark How Questions? Use Cisco Spark to chat with the speaker after the

More information

About Advanced Access Control Settings for Network Analysis and Intrusion Policies

About Advanced Access Control Settings for Network Analysis and Intrusion Policies Advanced Access Control Settings for Network Analysis and Intrusion Policies The following topics describe how to configure advanced settings for network analysis and intrusion policies: About Advanced

More information

Introduction to Cisco ASA Firewall Services

Introduction to Cisco ASA Firewall Services Firewall services are those ASA features that are focused on controlling access to the network, including services that block traffic and services that enable traffic flow between internal and external

More information

Access Control. Access Control Overview. Access Control Rules and the Default Action

Access Control. Access Control Overview. Access Control Rules and the Default Action The following topics explain access control rules. These rules control which traffic is allowed to pass through the device, and apply advanced services to the traffic, such as intrusion inspection. Overview,

More information

Get Hands On With DNA Center APIs for Managing Intent

Get Hands On With DNA Center APIs for Managing Intent DEVNET-3620 Get Hands On With DNA Center APIs for Managing Intent Adam Radford Distinguished Systems Engineer Cisco Spark How Questions? Use Cisco Spark to communicate with the speaker after the session

More information

Task Scheduling. Introduction to Task Scheduling. Configuring a Recurring Task

Task Scheduling. Introduction to Task Scheduling. Configuring a Recurring Task The following topics explain how to schedule tasks: Introduction to, on page 1 Configuring a Recurring Task, on page 1 Scheduled Task Review, on page 17 Introduction to You can schedule many different

More information

Implementing Cisco Network Security (IINS) 3.0

Implementing Cisco Network Security (IINS) 3.0 Implementing Cisco Network Security (IINS) 3.0 COURSE OVERVIEW: Implementing Cisco Network Security (IINS) v3.0 is a 5-day instructor-led course focusing on security principles and technologies, using

More information

Firepower Management Center High Availability

Firepower Management Center High Availability The following topics describe how to configure Active/Standby high availability of Cisco Firepower Management Centers: About, on page 1 Establishing, on page 7 Viewing Status, on page 8 Configurations

More information

CSE 565 Computer Security Fall 2018

CSE 565 Computer Security Fall 2018 CSE 565 Computer Security Fall 2018 Lecture 20: Intrusion Prevention Department of Computer Science and Engineering University at Buffalo 1 Lecture Overview Firewalls purpose types locations Network perimeter

More information

Maximum Security with Minimum Impact : Going Beyond Next Gen

Maximum Security with Minimum Impact : Going Beyond Next Gen SESSION ID: SP03-W10 Maximum Security with Minimum Impact : Going Beyond Next Gen Wendy Moore Director, User Protection Trend Micro @WMBOTT Hyper-competitive Cloud Rapid adoption Social Global Mobile IoT

More information

Migrating Applications with CloudCenter

Migrating Applications with CloudCenter Migrating Applications with CloudCenter Tuan Nguyen, Technical Marketing Engineer, Insieme BU DEVNET-1179 Cisco Spark How Questions? Use Cisco Spark to chat with the speaker after the session 1. Find this

More information

McAfee Web Gateway Administration Intel Security Education Services Administration Course Training

McAfee Web Gateway Administration Intel Security Education Services Administration Course Training McAfee Web Gateway Administration Intel Security Education Services Administration Course Training The McAfee Web Gateway Administration course from Education Services provides an in-depth introduction

More information

Cisco Security Monitoring, Analysis and Response System 4.2

Cisco Security Monitoring, Analysis and Response System 4.2 Q&A Cisco Security Monitoring, Analysis and Response System 4.2 GENERAL Q. What is the Cisco Security Monitoring, Analysis and Response System? A. The Cisco Security Monitoring, Analysis and Response System

More information

Managing Latency in IPS Networks

Managing Latency in IPS Networks Revision C McAfee Network Security Platform (Managing Latency in IPS Networks) Managing Latency in IPS Networks McAfee Network Security Platform provides you with a set of pre-defined recommended settings

More information

McAfee Web Gateway Administration

McAfee Web Gateway Administration McAfee Web Gateway Administration Education Services Administration Course Training The McAfee Web Gateway Administration course from Education Services provides an in-depth introduction to the tasks crucial

More information

Fully Integrated, Threat-Focused Next-Generation Firewall

Fully Integrated, Threat-Focused Next-Generation Firewall Cisco Firepower NGFW Fully Integrated, Threat-Focused Next-Generation Firewall Fuat KILIÇ, fkilic@cisco.com, +905339284608 Security Consulting Systems Engineer, CCIE #21150 September 2016 Get ahead of

More information

Git, Atom, virtualenv, oh my! Learn about dev tools to live by!

Git, Atom, virtualenv, oh my! Learn about dev tools to live by! BRKDEV-2633 Git, Atom, virtualenv, oh my! Learn about dev tools to live by! Ashley Roach, Principal Engineer Evangelist Agenda Introduction Why are developer tools useful? What s in the toolbelt? Tool

More information

Cisco UCS Agentless Configuration Management Ansible or Microsoft DSC

Cisco UCS Agentless Configuration Management Ansible or Microsoft DSC DEVNET-2916 Cisco UCS Agentless Configuration Management Ansible or Microsoft DSC John McDonough, Technical Leader Developer Evangelist Cisco Spark How Questions? Use Cisco Spark to communicate with the

More information

Cisco Threat Intelligence Director (TID)

Cisco Threat Intelligence Director (TID) The topics in this chapter describe how to configure and use TID in the Firepower System. Overview, page 1 Requirements for Threat Intelligence Director, page 4 How To Set Up, page 6 Analyze TID Incident

More information

DEVNET Introduction to Git. Ashley Roach Principal Engineer Evangelist

DEVNET Introduction to Git. Ashley Roach Principal Engineer Evangelist DEVNET-1080 Introduction to Git Ashley Roach Principal Engineer Evangelist Twitter: @aroach Email: asroach@cisco.com Cisco Spark How Questions? Use Cisco Spark to communicate with the speaker after the

More information